4
page 4 5/5/2015 CSE 542: Graduate Operating Systems
Compiler/language based mechanism
- Compiler based enforcement
  - Specification of protection in a programming language allows the high-level description of policies for the allocation and use of resources
- Java VM
  - Multiple threads within a single JVM have different access rights
  - A class is assigned a protection domain when it is loaded by the JVM. The protection domain indicates what operations the class can (and cannot) perform
  - Protection enforced using stack inspection
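
As an added illustration (not part of the original slides, and a simplified model rather than the JVM's own implementation), this Python sketch shows how stack inspection decides a request: every caller on the stack must hold the permission, unless a trusted frame asserts its own rights the way Java's `doPrivileged` does. The names `Domain`, `Frame`, `check_permission` and the sample permissions are assumptions made for the example.

```python
# Added illustration: a simplified model of JVM stack inspection.
# Domain, Frame, check_permission and the sample data are hypothetical.
from dataclasses import dataclass

@dataclass(frozen=True)
class Domain:
    """Protection domain assigned to a class when it is loaded."""
    name: str
    permissions: frozenset

@dataclass(frozen=True)
class Frame:
    """One call-stack entry: the method, its class's domain, and whether
    the method asserted its own rights (like doPrivileged in Java)."""
    method: str
    domain: Domain
    privileged: bool = False

def check_permission(stack, perm):
    """Walk from the newest frame to the oldest. Every frame visited must
    hold perm; a privileged frame that holds it ends the walk early."""
    for frame in reversed(stack):
        if perm not in frame.domain.permissions:
            return False, f"denied by {frame.method} ({frame.domain.name})"
        if frame.privileged:
            return True, f"allowed: {frame.method} asserted privilege"
    return True, "allowed: every caller holds the permission"

# Constructed sample domains; stacks are listed oldest frame first.
SYSTEM = Domain("system", frozenset({"file.read", "net.connect"}))
APPLET = Domain("untrusted-applet", frozenset({"net.connect"}))

def demo():
    direct = [Frame("Applet.run", APPLET), Frame("FileLib.open", SYSTEM)]
    font = [Frame("Applet.run", APPLET),
            Frame("FontLib.load", SYSTEM, privileged=True),
            Frame("FileLib.open", SYSTEM)]
    trusted = [Frame("Main.run", SYSTEM), Frame("FileLib.open", SYSTEM)]
    return {
        "applet -> FileLib": check_permission(direct, "file.read"),
        "applet -> FontLib(priv) -> FileLib": check_permission(font, "file.read"),
        "system -> FileLib": check_permission(trusted, "file.read"),
    }

if __name__ == "__main__":
    for case, (ok, why) in demo().items():
        print(f"{case}: {why}")
```

The first case is the one the mechanism exists for: trusted library code cannot be used by an untrusted caller to read a file, because the untrusted frame is still on the stack when the check runs.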

6
Risk analysis
- Important to understand threat and perform risk analysis
- No system is “secure”; systems usually trade security for performance, ease of use, etc.
- If information is worth x and it costs y to break into the system, and (x < y), then it is not worth encryption
- Wasteful to build a system that is more secure than is necessary
  - SSH in CSE dept – good
  - Palm pilots may not require powerful encryption systems if they are expected to be physically secure

8
Security Attacks
- Social engineering attacks
  - Preys on people's gullibility (good nature), hardest to defend
  - E.g. I once got an unlisted number from a telephone operator because I sounded desperate (I was, but that was not the point)
  - E.g. Anna kour*va virus, Nigerian scam, MS update scam
  - E.g. If I walk in with coupla heavy looking boxes into the elevator to go to Fitz 3rd floor (at night) would you let me in? You can get into “secure” companies by looking like you “belong” there
- Denial of service attacks
  - Network flooding, Distributed DOS, holding resources, viruses

11
RSA Paper - Encryption
- Properties of good encryption technique:
  - Relatively simple for authorized users to encrypt and decrypt data.
  - Encryption scheme depends not on the secrecy of the algorithm but on a parameter of the algorithm called the encryption key.
  - Extremely difficult for an intruder to determine the encryption key.

12
Strength
- Strength of crypto system depends on the strengths of the keys
- Computers get faster – keys have to become harder to keep up
- If it takes more effort to break a code than it is worth, it is okay
  - Transferring money from my bank to my credit card and Citibank transferring billions of dollars with another bank should not have the same key strength

21
Algorithm
- To break their algorithm requires that you factor a large prime
  - Computationally very hard. Can’t be “proven” yet
  - With present technology, 512 bit key takes a few months to factor using “super computers”, 1024 takes a long time and 2048 takes a very long time
  - Takes 2 seconds to generate a 2048 bit key on a 933 MHz Pentium, 1 second on a 2.4 GHz Xeon
- Algorithm has remained secure for the past ~20 years
- One of the most successful public key systems

22
Authentication
- Method for obtaining the source of the request
  - Who said this?
- Interpreting the access rule – authorization
  - Who is trusted to access this?
  - Access control list (ACL)
- Easier in central servers because the server knows all the sources

28
Principals with names
- When a request arrives on a channel, it is granted only if the channel speaks for one of the principals on the ACL
  - Push: sender collects A’s credentials and presents them when needed
  - Pull: receiver looks up A in some database to get credentials for A